Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6fdbd0d2 by security tracker role at 2018-03-08T21:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,269 @@
+CVE-2018-7888
+       RESERVED
+CVE-2018-7887
+       RESERVED
+CVE-2018-7886
+       RESERVED
+CVE-2018-7885
+       RESERVED
+CVE-2018-7884
+       RESERVED
+CVE-2018-7883
+       RESERVED
+CVE-2018-7882
+       RESERVED
+CVE-2018-7881
+       RESERVED
+CVE-2018-7880
+       RESERVED
+CVE-2018-7879
+       RESERVED
+CVE-2018-7878
+       RESERVED
+CVE-2018-7877 (There is a heap-based buffer overflow in the getString function 
of ...)
+       TODO: check
+CVE-2018-7876 (In libming 0.4.8, a memory exhaustion vulnerability was found 
in the ...)
+       TODO: check
+CVE-2018-7875 (There is a heap-based buffer over-read in the getString 
function of ...)
+       TODO: check
+CVE-2018-7874 (An invalid memory address dereference was discovered in 
strlenext in ...)
+       TODO: check
+CVE-2018-7873 (There is a heap-based buffer overflow in the getString function 
of ...)
+       TODO: check
+CVE-2018-7872 (An invalid memory address dereference was discovered in the 
function ...)
+       TODO: check
+CVE-2018-7871 (There is a heap-based buffer over-read in the getName function 
of ...)
+       TODO: check
+CVE-2018-7870 (An invalid memory address dereference was discovered in 
getString in ...)
+       TODO: check
+CVE-2018-7869 (There is a memory leak triggered in the function dcinit of ...)
+       TODO: check
+CVE-2018-7868 (There is a heap-based buffer over-read in the getName function 
of ...)
+       TODO: check
+CVE-2018-7867 (There is a heap-based buffer overflow in the getString function 
of ...)
+       TODO: check
+CVE-2018-7866 (A NULL pointer dereference was discovered in newVar3 in ...)
+       TODO: check
+CVE-2018-7865
+       RESERVED
+CVE-2018-7864
+       RESERVED
+CVE-2018-7863
+       RESERVED
+CVE-2018-7862
+       RESERVED
+CVE-2018-7861
+       RESERVED
+CVE-2018-7860
+       RESERVED
+CVE-2018-7859
+       RESERVED
+CVE-2018-7858
+       RESERVED
+CVE-2018-7857
+       RESERVED
+CVE-2018-7856
+       RESERVED
+CVE-2018-7855
+       RESERVED
+CVE-2018-7854
+       RESERVED
+CVE-2018-7853
+       RESERVED
+CVE-2018-7852
+       RESERVED
+CVE-2018-7851
+       RESERVED
+CVE-2018-7850
+       RESERVED
+CVE-2018-7849
+       RESERVED
+CVE-2018-7848
+       RESERVED
+CVE-2018-7847
+       RESERVED
+CVE-2018-7846
+       RESERVED
+CVE-2018-7845
+       RESERVED
+CVE-2018-7844
+       RESERVED
+CVE-2018-7843
+       RESERVED
+CVE-2018-7842
+       RESERVED
+CVE-2018-7841
+       RESERVED
+CVE-2018-7840
+       RESERVED
+CVE-2018-7839
+       RESERVED
+CVE-2018-7838
+       RESERVED
+CVE-2018-7837
+       RESERVED
+CVE-2018-7836
+       RESERVED
+CVE-2018-7835
+       RESERVED
+CVE-2018-7834
+       RESERVED
+CVE-2018-7833
+       RESERVED
+CVE-2018-7832
+       RESERVED
+CVE-2018-7831
+       RESERVED
+CVE-2018-7830
+       RESERVED
+CVE-2018-7829
+       RESERVED
+CVE-2018-7828
+       RESERVED
+CVE-2018-7827
+       RESERVED
+CVE-2018-7826
+       RESERVED
+CVE-2018-7825
+       RESERVED
+CVE-2018-7824
+       RESERVED
+CVE-2018-7823
+       RESERVED
+CVE-2018-7822
+       RESERVED
+CVE-2018-7821
+       RESERVED
+CVE-2018-7820
+       RESERVED
+CVE-2018-7819
+       RESERVED
+CVE-2018-7818
+       RESERVED
+CVE-2018-7817
+       RESERVED
+CVE-2018-7816
+       RESERVED
+CVE-2018-7815
+       RESERVED
+CVE-2018-7814
+       RESERVED
+CVE-2018-7813
+       RESERVED
+CVE-2018-7812
+       RESERVED
+CVE-2018-7811
+       RESERVED
+CVE-2018-7810
+       RESERVED
+CVE-2018-7809
+       RESERVED
+CVE-2018-7808
+       RESERVED
+CVE-2018-7807
+       RESERVED
+CVE-2018-7806
+       RESERVED
+CVE-2018-7805
+       RESERVED
+CVE-2018-7804
+       RESERVED
+CVE-2018-7803
+       RESERVED
+CVE-2018-7802
+       RESERVED
+CVE-2018-7801
+       RESERVED
+CVE-2018-7800
+       RESERVED
+CVE-2018-7799
+       RESERVED
+CVE-2018-7798
+       RESERVED
+CVE-2018-7797
+       RESERVED
+CVE-2018-7796
+       RESERVED
+CVE-2018-7795
+       RESERVED
+CVE-2018-7794
+       RESERVED
+CVE-2018-7793
+       RESERVED
+CVE-2018-7792
+       RESERVED
+CVE-2018-7791
+       RESERVED
+CVE-2018-7790
+       RESERVED
+CVE-2018-7789
+       RESERVED
+CVE-2018-7788
+       RESERVED
+CVE-2018-7787
+       RESERVED
+CVE-2018-7786
+       RESERVED
+CVE-2018-7785
+       RESERVED
+CVE-2018-7784
+       RESERVED
+CVE-2018-7783
+       RESERVED
+CVE-2018-7782
+       RESERVED
+CVE-2018-7781
+       RESERVED
+CVE-2018-7780
+       RESERVED
+CVE-2018-7779
+       RESERVED
+CVE-2018-7778
+       RESERVED
+CVE-2018-7777
+       RESERVED
+CVE-2018-7776
+       RESERVED
+CVE-2018-7775
+       RESERVED
+CVE-2018-7774
+       RESERVED
+CVE-2018-7773
+       RESERVED
+CVE-2018-7772
+       RESERVED
+CVE-2018-7771
+       RESERVED
+CVE-2018-7770
+       RESERVED
+CVE-2018-7769
+       RESERVED
+CVE-2018-7768
+       RESERVED
+CVE-2018-7767
+       RESERVED
+CVE-2018-7766
+       RESERVED
+CVE-2018-7765
+       RESERVED
+CVE-2018-7764
+       RESERVED
+CVE-2018-7763
+       RESERVED
+CVE-2018-7762
+       RESERVED
+CVE-2018-7761
+       RESERVED
+CVE-2018-7760
+       RESERVED
+CVE-2018-7759
+       RESERVED
+CVE-2018-7758
+       RESERVED
+CVE-2018-7757 (Memory leak in the sas_smp_get_phy_events function in ...)
+       TODO: check
+CVE-2017-18222 (In the Linux kernel before 4.12, Hisilicon Network Subsystem 
(HNS) does ...)
+       TODO: check
 CVE-2018-7756
        RESERVED
 CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...)
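Review bot: the two kernel entries at the end of the added block, CVE-2018-7757 (sas_smp_get_phy_events, a function in the kernel's libsas code) and CVE-2017-18222 ("In the Linux kernel before 4.12"), are left at TODO: check although the kernel is a packaged source. They should get a "- linux" line with a fixed version or <unfixed> rather than sit in the TODO queue. In the CVE-2018-7866 to CVE-2018-7877 run, only CVE-2018-7876 names libming 0.4.8 in the visible text, so confirm the truncated getString/getName/newVar3 descriptions refer to the same package before triaging them as one batch.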
@@ -334,7 +600,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 for 
Node.js is prone to 
        NOTE: https://github.com/zkat/ssri/issues/10
        NOTE: https://nodesecurity.io/advisories/565
        NOTE: nodejs not covered by security support
-CVE-2018-1000119 (Sinatra rack-protection version 2.0.0.rc3 and earlier 
contains a ...)
+CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and 
earlier ...)
        - ruby-rack-protection <unfixed> (bug #892250)
        NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470
        NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
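Review bot: the new description for CVE-2018-1000119 adds 1.5.4 to the affected versions, but the package line under it is unchanged at "- ruby-rack-protection <unfixed> (bug #892250)". With the 1.5.x line now named, re-check the per-suite status and add suite-specific entries for any release that ships a 1.5.x version.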
@@ -1900,8 +2166,7 @@ CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops 
bad packets before upda
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
-CVE-2018-7183 [ntpq:decodearr() can write beyond its buffer limit]
-       RESERVED
+CVE-2018-7183 (Buffer overflow in the decodearr function in ntpq in ntp 
4.2.8p6 ...)
        - ntp <unfixed>
        - ntpsec <not-affected> (Issue not present)
        NOTE: http://www.kb.cert.org/vuls/id/961909
@@ -7087,8 +7352,8 @@ CVE-2017-18026 (Redmine before 3.2.9, 3.3.x before 3.3.6, 
and 3.4.x before 3.4.4
        NOTE: 
https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678
        NOTE: 
https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e
        NOTE: upstream fixed in 3.2.9, 3.3.6 and 3.4.4
-CVE-2018-5313
-       RESERVED
+CVE-2018-5313 (A vulnerability allows local attackers to escalate privilege on 
Rapid ...)
+       TODO: check
 CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range 
validation ...)
        - matrixssl <removed>
        [wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
@@ -8368,12 +8633,12 @@ CVE-2018-4842
        RESERVED
 CVE-2018-4841
        RESERVED
-CVE-2018-4840
-       RESERVED
-CVE-2018-4839
-       RESERVED
-CVE-2018-4838
-       RESERVED
+CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All 
versions &lt; ...)
+       TODO: check
+CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All 
versions &lt; ...)
+       TODO: check
+CVE-2018-4838 (A vulnerability has been identified in Siemens EN100 Ethernet 
module ...)
+       TODO: check
 CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic 
&lt; ...)
        NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic 
&lt; ...)
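Review bot: CVE-2018-4840, CVE-2018-4839 and CVE-2018-4838 land as TODO: check although their descriptions name Siemens DIGSI 4 and the Siemens EN100 Ethernet module, and the neighbouring CVE-2018-4837 already carries "NOT-FOR-US: Siemens / TeleControl Server Basic". Suggest closing the three with a matching NOT-FOR-US tag in the same style.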
@@ -16522,10 +16787,10 @@ CVE-2018-1445
        RESERVED
 CVE-2018-1444
        RESERVED
-CVE-2018-1443
-       RESERVED
-CVE-2018-1442
-       RESERVED
+CVE-2018-1443 (An XML parsing vulnerability affects IBM SAML-based single 
sign-on ...)
+       TODO: check
+CVE-2018-1442 (IBM Application Performance Management - Response Time 
Monitoring ...)
+       TODO: check
 CVE-2018-1441
        RESERVED
 CVE-2018-1440
@@ -16634,8 +16899,8 @@ CVE-2018-1389
        RESERVED
 CVE-2018-1388 (GSKit V7 may disclose side channel information via 
discrepancies ...)
        NOT-FOR-US: IBM WebSphere MQ
-CVE-2018-1387
-       RESERVED
+CVE-2018-1387 (IBM Application Performance Management for Monitoring &amp; 
Diagnostics ...)
+       TODO: check
 CVE-2018-1386
        RESERVED
 CVE-2018-1385
@@ -17703,18 +17968,18 @@ CVE-2018-1222
        RESERVED
 CVE-2018-1221
        RESERVED
-CVE-2018-1220
-       RESERVED
-CVE-2018-1219
-       RESERVED
+CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect 
...)
+       TODO: check
+CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper 
access ...)
+       TODO: check
 CVE-2018-1218
        RESERVED
 CVE-2018-1217
        RESERVED
-CVE-2018-1216
-       RESERVED
-CVE-2018-1215
-       RESERVED
+CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp 
Manager ...)
+       TODO: check
+CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp 
Manager ...)
+       TODO: check
 CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local 
Windows ...)
        NOT-FOR-US: EMC
 CVE-2018-1213
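Review bot: the four new TODO: check entries here sit next to CVE-2018-1214, which is tagged "NOT-FOR-US: EMC". CVE-2018-1220 and CVE-2018-1219 name EMC RSA Archer and can take the same tag; for CVE-2018-1216 and CVE-2018-1215 the visible text only says "vApp Manager", so confirm the vendor from the full description before tagging them.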
@@ -17783,8 +18048,8 @@ CVE-2018-1184 (An issue was discovered in EMC 
RecoverPoint for Virtual Machines 
        NOT-FOR-US: EMC
 CVE-2018-1183
        RESERVED
-CVE-2018-1182
-       RESERVED
+CVE-2018-1182 (An issue was discovered in EMC RSA Identity Governance and 
Lifecycle ...)
+       TODO: check
 CVE-2018-1181
        RESERVED
 CVE-2017-17447
@@ -40751,15 +41016,15 @@ CVE-2017-9977 (AVG AntiVirus for MacOS with scan 
engine before 4668 might allow 
 CVE-2017-9976
        RESERVED
 CVE-2017-9975
-       RESERVED
+       REJECTED
 CVE-2017-9974
-       RESERVED
+       REJECTED
 CVE-2017-9973
-       RESERVED
+       REJECTED
 CVE-2017-9972
-       RESERVED
+       REJECTED
 CVE-2017-9971
-       RESERVED
+       REJECTED
 CVE-2017-9970 (A remote code execution vulnerability exists in Schneider 
Electric's ...)
        NOT-FOR-US: Schneider Electric
 CVE-2017-9969 (An information disclosure vulnerability exists in Schneider 
Electric's ...)
@@ -49827,22 +50092,22 @@ CVE-2017-7643 (Proxifier for Mac before 2.19 allows 
local users to gain privileg
        NOT-FOR-US: Proxifier for Mac
 CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin 
(aka ...)
        NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
-CVE-2017-7641
-       RESERVED
-CVE-2017-7640
-       RESERVED
+CVE-2017-7641 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 
...)
+       TODO: check
+CVE-2017-7640 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 
...)
+       TODO: check
 CVE-2017-7639
        RESERVED
-CVE-2017-7638
-       RESERVED
+CVE-2017-7638 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 
...)
+       TODO: check
 CVE-2017-7637
        RESERVED
 CVE-2017-7636
        RESERVED
 CVE-2017-7635
        RESERVED
-CVE-2017-7634
-       RESERVED
+CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS 
application Media ...)
+       TODO: check
 CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive 
...)
        NOT-FOR-US: QNAP
 CVE-2017-7632
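Review bot: CVE-2017-7641, CVE-2017-7640, CVE-2017-7638 and CVE-2017-7634 all describe the QNAP NAS Media Streaming add-on yet remain TODO: check, while CVE-2017-7633 directly below is "NOT-FOR-US: QNAP". The same tag applies to these four.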
@@ -54743,8 +55008,8 @@ CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 
12.1.0 - 12.1.3.1, or 11.6.1
        NOT-FOR-US: F5 BIG-IP
 CVE-2017-6153
        RESERVED
-CVE-2017-6152
-       RESERVED
+CVE-2017-6152 (A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 
with the ...)
+       TODO: check
 CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge 
Gateway, ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2017-6150 (Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 
- ...)
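Review bot: CVE-2017-6152 names F5 BIG-IQ Centralized Management and is left at TODO: check; the surrounding F5 entries use "NOT-FOR-US: F5 BIG-IP". Resolve it with a NOT-FOR-US tag that names BIG-IQ rather than copying the BIG-IP wording.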
@@ -67848,8 +68113,8 @@ CVE-2017-1627
        RESERVED
 CVE-2017-1626
        RESERVED
-CVE-2017-1625
-       RESERVED
+CVE-2017-1625 (IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive 
information to ...)
+       TODO: check
 CVE-2017-1624
        RESERVED
 CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. 
This ...)
@@ -134630,13 +134895,11 @@ CVE-2014-7274 (The IMAP-over-SSL implementation in 
getmail 4.44.0 does not verif
 CVE-2014-7273 (The IMAP-over-SSL implementation in getmail 4.0.0 through 
4.43.0 does ...)
        {DSA-3091-1 DLA-106-1}
        - getmail4 4.44.0-1 (bug #766670)
-CVE-2014-7272 [multiple vulnerabilities in sddm]
-       RESERVED
+CVE-2014-7272 (Simple Desktop Display Manager (SDDM) before 0.10.0 allows 
local users ...)
        [experimental] - sddm 0.11.0-1
        - sddm 0.11.0-2
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
-CVE-2014-7271 [unauthenticated logins as sddm]
-       RESERVED
+CVE-2014-7271 (Simple Desktop Display Manager (SDDM) before 0.10.0 allows 
local users ...)
        [experimental] - sddm 0.11.0-1
        - sddm 0.11.0-2
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
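Review bot: replacing the bracketed summaries for CVE-2014-7272 and CVE-2014-7271 leaves both entries with the same visible description text, the same package lines and the same bugzilla NOTE, so the list no longer shows which issue is which. The removed text "[unauthenticated logins as sddm]" and "[multiple vulnerabilities in sddm]" was the only distinguishing information; consider keeping it as a NOTE line on each entry.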



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fdbd0d2903b7393f3c69ff88d966b7f4590f707

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits